Title: Risk Analysis & Management
1 Project Risk Management
Instructor: Inam Ul Haq
Ref: Book1, Chapter 11
Lecture 5, BSIT 7th
University of Okara
Special Thanks
2 Learning Objectives
- Understand risk and the importance of good project risk management
- List common sources of risks on information technology (IT) projects
- Describe the process of identifying risks and create a risk register
- Discuss qualitative risk analysis and explain how to calculate risk factors, create probability/impact matrixes, and apply the Top Ten Risk Item Tracking techniques to rank risks
- Discuss how to control risks
3 The Importance of Project Risk Management
- Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives
- Risk management is often overlooked in projects, but it can help improve project success by helping select good projects, determining project scope, and developing realistic estimates
4 Project Management Maturity by Industry Group and Knowledge Area
KEY: 1 = LOWEST MATURITY RATING

| Knowledge Area | Engineering/Construction | Telecommunications | Information Systems | Hi-Tech Manufacturing |
|---|---|---|---|---|
| Scope | 3.52 | 3.45 | 3.25 | 3.37 |
| Time | 3.55 | 3.41 | 3.03 | 3.50 |
| Cost | 3.74 | 3.22 | 3.20 | 3.97 |
| Quality | 2.91 | 3.22 | 2.88 | 3.26 |
| Human Resources | 3.18 | 3.20 | 2.93 | 3.18 |
| Communications | 3.53 | 3.53 | 3.21 | 3.48 |
| Risk | 2.93 | 2.87 | 2.75 | 2.76 |
| Procurement | 3.33 | 3.01 | 2.91 | 3.33 |

Source: Ibbs, C. William and Young Hoon Kwak. "Assessing Project Management Maturity," Project Management Journal (March 2000).
5 Benefits from Software Risk Management Practices
Source: Kulik and Weber, KLCI Research Group
6 Global Issues
- Many people around the world suffered from financial losses as various financial markets dropped
- According to a global survey of 316 financial services executives, over 70 percent of respondents believed that the losses stemming from the credit crisis were largely due to failures to address risk management issues
- They identified several challenges in implementing risk management
7 Risk
- An uncertainty that can have a negative or positive effect on meeting project objectives
- Negative risk involves understanding potential problems that might occur in the project and how they might delay project success
- Positive risks are risks that result in good things happening; they are sometimes called opportunities
8 Risk Utility
- Risk utility or risk tolerance is the amount of satisfaction or pleasure received from a potential payoff
- Utility rises at a decreasing rate for people who are risk-averse
- Those who are risk-seeking have a higher tolerance for risk and their satisfaction increases when more payoff is at stake
- The risk-neutral approach achieves a balance between risk and payoff
9 Risk Utility Function and Risk Preference
10 Project Risk Management Processes
- 1. Planning risk management: Deciding how to approach and plan the risk management activities for the project
- 2. Identifying risks: Determining which risks are likely to affect a project and documenting the characteristics of each
- 3. Performing qualitative risk analysis: Prioritizing risks based on their probability and impact of occurrence
11 Project Risk Management Processes (cont'd)
- Performing quantitative risk analysis: Numerically estimating the effects of risks on project objectives
- Planning risk responses: Taking steps to enhance opportunities and reduce threats to meeting project objectives
- Controlling risk: Monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project
13 Planning Risk Management
- The main output of this process is a risk management plan, a plan that documents the procedures for managing risk throughout a project
- The project team should review project documents and understand the organization's and the sponsor's approaches to risk
14 Topics Addressed in a Risk Management Plan
- Methodology
- Roles and responsibilities
- Budget and schedule
- Risk categories
- Risk probability and impact
- Revised stakeholders' tolerances
- Tracking
- Risk documentation
15 Other Plans: Contingency and Fallback Plans, Contingency Reserves
- Contingency plans are predefined actions that the project team will take if an identified risk event occurs
- Fallback plans are developed for risks that have a high impact on meeting project objectives, and are put into effect if attempts to reduce the risk are not effective
- Contingency reserves or allowances are provisions held by the project sponsor or organization to reduce the risk of cost or schedule overruns to an acceptable level; management reserves are funds held for unknown risks
16 IT Success Potential Scoring Sheet
17 Broad Categories of Risk
- Market risk
- Financial risk
- Technology risk
- People risk
- Structure/process risk
18 Risk Breakdown Structure
- A risk breakdown structure is a hierarchy of potential risk categories for a project
- Similar to a work breakdown structure but used to identify and categorize risks
19 Sample Risk Breakdown Structure
20 Risk Conditions Associated With Each Knowledge Area
21 3-Identifying Risks
- Identifying risks is the process of understanding what potential events might hurt or enhance a particular project
- Another consideration is the likelihood of advanced discovery
- Risk identification tools and techniques include:
  - Brainstorming (generate ideas or find a solution for a specific problem)
  - The Delphi Technique (panel of experts who make predictions about future developments)
  - Interviewing (for collecting information in face-to-face, phone, e-mail, or instant-messaging discussions)
  - SWOT analysis (strengths, weaknesses, opportunities, and threats)
22 Risk Register
- The main output of the risk identification process is a list of identified risks and other information needed to begin creating a risk register
- A risk register is:
  - A document that contains the results of various risk management processes and that is often displayed in a table or spreadsheet format
  - A tool for documenting potential risk events and related information
- Risk events refer to specific, uncertain events that may occur to the detriment or enhancement of the project
23 Risk Register Contents
- An identification number for each risk event
- A rank for each risk event
- The name of each risk event
- A description of each risk event
- The category under which each risk event falls
- The root cause of each risk
24 Risk Register Contents (cont'd)
- Triggers for each risk; triggers are indicators or symptoms of actual risk events
- Potential responses to each risk
- The risk owner or person who will own or take responsibility for each risk
- The probability and impact of each risk occurring
- The status of each risk
25 Sample Risk Register
26 4-Performing Qualitative Risk Analysis
- Assess the likelihood and impact of identified risks to determine their magnitude and priority
- Risk quantification tools and techniques include:
  - Probability/impact matrixes (a matrix specifies combinations of probability and impact that lead to rating the risks as low, moderate, or high priority)
  - The Top Ten Risk Item Tracking (a risk analysis tool)
  - Expert judgment
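An added example (not from the lecture or its reference book) showing how a probability/impact matrix can rate risk register entries and keep a ranked top-ten list from one review to the next. The three-point scale, the matrix cell values, the tie-breaking rule, the field names, and the sample risks are all assumptions made for illustration.

```python
from dataclasses import dataclass

LEVELS = ("low", "medium", "high")   # assumed 3-point scale for both axes
# Assumed matrix: MATRIX[probability][impact] -> priority rating.
MATRIX = {
    "low":    {"low": "low",      "medium": "low",      "high": "moderate"},
    "medium": {"low": "low",      "medium": "moderate", "high": "high"},
    "high":   {"low": "moderate", "medium": "high",     "high": "high"},
}
ORDER = {"high": 0, "moderate": 1, "low": 2}

@dataclass
class RiskEvent:                      # fields follow the risk register contents
    risk_id: str
    name: str
    category: str
    root_cause: str
    owner: str
    probability: str
    impact: str
    status: str = "open"
    rank: int = 0                     # current rank, 0 = not ranked
    previous_rank: int = 0            # rank at the last review

    def priority(self) -> str:
        if self.probability not in LEVELS or self.impact not in LEVELS:
            raise ValueError(f"{self.risk_id}: rating must be one of {LEVELS}")
        return MATRIX[self.probability][self.impact]

def review(register, top_n=10):
    """Re-rank open risks by matrix priority; return the top-N list."""
    open_risks = [r for r in register if r.status == "open"]
    # Ties within a priority band go to the higher impact, then the lower id.
    open_risks.sort(key=lambda r: (ORDER[r.priority()],
                                   -LEVELS.index(r.impact), r.risk_id))
    for r in register:                # closed risks drop off the ranking
        r.previous_rank, r.rank = r.rank, 0
    for position, r in enumerate(open_risks, start=1):
        r.rank = position
    return open_risks[:top_n]

# Constructed sample register for an IT project (not from the lecture).
REGISTER = [
    RiskEvent("R1", "Key developer leaves", "People", "Single point of knowledge", "PM", "medium", "high"),
    RiskEvent("R2", "Vendor API slips", "Technology", "Unproven supplier", "Tech lead", "high", "medium"),
    RiskEvent("R3", "Scope creep", "Structure/process", "Incomplete specifications", "Sponsor", "high", "low"),
    RiskEvent("R4", "Budget cut", "Financial", "Market downturn", "Sponsor", "low", "medium"),
]

if __name__ == "__main__":
    for r in review(REGISTER):
        print(r.rank, r.risk_id, r.priority(), r.name)
```

Calling `review` again after a rating or status changes shows how each risk moved, since the earlier rank is kept in `previous_rank`.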
27 Sample Probability/Impact Matrix
28 Performing Quantitative Risk Analysis
- Often follows qualitative risk analysis, but both can be done together
- Large, complex projects involving leading edge technologies often require extensive quantitative risk analysis
- Main techniques include:
  - Decision tree analysis (a diagramming analysis technique used to help select the best course of action in situations in which future outcomes are uncertain)
  - Simulation (uses a representation or model of a system to analyze the expected behavior or performance of the system)
  - Sensitivity analysis (a technique used to show the effects of changing one or more variables on an outcome)
29 Planning Risk Responses
- After identifying and quantifying risks, you must decide how to respond to them
- Four main response strategies for negative risks:
  - Risk avoidance
  - Risk acceptance
  - Risk transference
  - Risk mitigation
30 General Risk Mitigation Strategies for Technical, Cost, and Schedule Risks
31 Response Strategies for Positive Risks
- Risk exploitation
- Risk sharing
- Risk enhancement
- Risk acceptance
32 Residual and Secondary Risks
- It's also important to identify residual and secondary risks
- Residual risks are risks that remain after all of the response strategies have been implemented
- Secondary risks are a direct result of implementing a risk response
33 Controlling Risks
- Involves executing the risk management process to respond to risk events and ensuring that risk awareness is an ongoing activity performed by the entire project team throughout the entire project
- Workarounds are unplanned responses to risk events that must be done when there are no contingency plans
- Main outputs of risk control are:
  - Work performance information
  - Change requests
  - Updates to the project management plan, other project documents, and organizational process assets
34 Chapter Summary
- Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives
- Main processes include:
  - Plan risk management
  - Identify risks
  - Perform qualitative risk analysis
  - Perform quantitative risk analysis
  - Plan risk responses
  - Control risks
35 Exercise
- EXPLORE TOP 5 IT PROJECT MANAGEMENT RISKS.
- WHY ARE SPECIFICATIONS SOMETIMES INCOMPLETE?
- CHOOSE A TOPIC AND PERFORM RISK MANAGEMENT.
- WHAT ARE LIMITATIONS IN RISK MANAGEMENT?
- WHAT IS THE DIFFERENCE B/W RISK AND UNCERTAINTY?
- EXPLORE MORE RISKS IN BUSINESS, TECHNICAL, ORGANIZATIONAL, PROJECT MANAGEMENT
- WHAT ARE SOURCES OF RISKS?
- CHOOSE A PROJECT AND MAKE RISK REGISTER AND RISK EVENTS
- FIND ROOT CAUSE OF ANY 3 RISKS